CVE-2023-2585 : Keycloak's device authorization grant does not correctly validate the device cod

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.

Published 2023-12-21 10:15:35

Updated 2024-01-02 18:28:17

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2023-2585

Redhat » Openshift Container Platform » Version: 4.12
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform » Version: 4.11
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Single Sign-on » Version: N/A Text-only Edition
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
Matching versions
Redhat » Single Sign-on » Version: 7.6
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
When used together with: Redhat » Enterprise Linux » Version: 9.0
Redhat » Openshift Container Platform For Ibm Z » Version: 4.9
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform For Ibm Z » Version: 4.10
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform For Linuxone » Version: 4.10
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform For Linuxone » Version: 4.9
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform For Power » Version: 4.10
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform For Power » Version: 4.9
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0

Exploit prediction scoring system (EPSS) score for CVE-2023-2585

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-2585

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N	2.8	5.2	NIST	2024-01-02
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: None
3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N	0.9	2.5	Red Hat, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2023-2585

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Assigned by: secalert@redhat.com (Secondary)

References for CVE-2023-2585

https://access.redhat.com/errata/RHSA-2023:3892

RHSA-2023:3892 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://access.redhat.com/security/cve/CVE-2023-2585

CVE-2023-2585- Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3884

RHSA-2023:3884 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2023:3885

RHSA-2023:3885 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=2196335

2196335 – (CVE-2023-2585) CVE-2023-2585 keycloak: client access via device auth request spoof
Issue Tracking;Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3883

RHSA-2023:3883 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2023:3888

RHSA-2023:3888 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-2585

Products affected by CVE-2023-2585

Exploit prediction scoring system (EPSS) score for CVE-2023-2585

CVSS scores for CVE-2023-2585

CWE ids for CVE-2023-2585

References for CVE-2023-2585